Controlling access to and distribution of enterprise resources, such as documents, databases, and executable applications, in a networked environment is critical to ensure that only authorized users and network-connected devices may gain access to sensitive information. Depending on the sensitivity of a given resource, an array of authorization rules may be necessary to ensure that the resource is adequately protected. Some resources may only require ensuring that the proper user is requesting the resource. Other resources may require compliance with more stringent authorization rules, such as determining whether the client device is located within an authorized location, determining whether the current time is within an authorized time window, determining whether an appropriate transport protocol is used (i.e., http and/or https) by the requesting device, determining whether the resource is accessed from a secured device, etc.
To date, enterprises have distributed resources to network-connected resources using internal secured networks and VPN tunnels to those networks. While these methods provide a secure channel for distribution, these methods typically do not authenticate the recipient beyond ensuring a proper recipient. Additionally, these methods are ineffective to continuously ensure that the resource is protected, as they fail to ensure that the resource is protected beyond the initial grant of access to the resource. This is problematic because the recipient of the resource may at some point cease to comply with the conditions required to receive access to the resource. Consequently, these methods fails to continuously ensure that only authorized client devices retain access to location-sensitive and time-sensitive resources. Finally, these methods do not restrict an authorized recipient from subsequently transmitting certain resources to other potentially unauthorized recipients.